VYPR

Crater

by Crater Invoice

CVEs (6)

  • CVE-2024-55556 | Critical | Jan 7, 2025
    risk 0.74 | cvss 9.8 | epss 0.44

    A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The…

  • CVE-2023-46865 | High | Oct 30, 2023
    risk 0.48 | cvss 7.2 | epss 0.20

    /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image.

  • CVE-2022-1032 | High | Mar 29, 2022
    risk 0.00 | cvss 7.2 | epss 0.02

    Insecure deserialization of an unvalidated module file in GitHub repository crater-invoice/crater prior to 6.0.6.

  • CVE-2022-1033 | High | Mar 23, 2022
    risk 0.00 | cvss 7.8 | epss 0.01

    Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6.

  • CVE-2022-0515 | Medium | Mar 21, 2022
    risk 0.00 | cvss 4.3 | epss 0.00

    Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.

  • CVE-2022-0514 | Medium | Mar 21, 2022
    risk 0.00 | cvss 6.5 | epss 0.01

    Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.